Episode Synopsis "Phishing 2FA Tokens with CredSniper - Tradecraft Security Weekly #25"

Organizations are implementing two-factor on more and more web services. The traditional methods for phishing credentials is no longer good enough to gain access to user accounts if 2FA is setup. In this episode Mike Felch (@ustayready) and Beau Bullock (@dafthack) demonstrate a tool that Mike wrote called CredSniper that assists in cloning portals for harvesting two-factor tokens. Links: https://github.com/ustayready/CredSniper

Listen "Phishing 2FA Tokens with CredSniper - Tradecraft Security Weekly #25"

More episodes of the podcast Tradecraft Security Weekly

• Black Hat & DEF CON 2018 - Tradecraft Security Weekly #28
• Phishing 2FA Tokens with CredSniper - Tradecraft Security Weekly #25
• Evading Network-Based Detection Mechanisms - Tradecraft Security Weekly #24
• HTML5 Storage Exfil via XSS - Tradecraft Security Weekly #23
• Leaking Windows Creds Externally Via MS Office - Tradecraft Security Weekly #21
• Google Event Injection - Tradecraft Security Weekly 20